CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2006-0219
https://notcve.org/view.php?id=CVE-2006-0219
16 Jan 2006 — The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. • http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088 •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2005-4602
https://notcve.org/view.php?id=CVE-2005-4602
31 Dec 2005 — SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment. • http://secunia.com/advisories/18281 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2005-4603
https://notcve.org/view.php?id=CVE-2005-4603
31 Dec 2005 — Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread. • http://secunia.com/advisories/18281 •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2005-4200
https://notcve.org/view.php?id=CVE-2005-4200
13 Dec 2005 — Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199. • http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2005-3326 – MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3326
27 Oct 2005 — SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. • https://www.exploit-db.com/exploits/26396 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2005-2697 – MyBulletinBoard (MyBB) 1.00 RC4 - 'search.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-2697
25 Aug 2005 — SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282. • https://www.exploit-db.com/exploits/1172 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2005-2580 – MyBulletinBoard (MyBB) RC4 - 'action' SQL Injection
https://notcve.org/view.php?id=CVE-2005-2580
16 Aug 2005 — Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. • https://www.exploit-db.com/exploits/26150 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2005-1811
https://notcve.org/view.php?id=CVE-2005-1811
01 Jun 2005 — Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile. • http://seclists.org/lists/bugtraq/2005/May/0338.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2005-1832
https://notcve.org/view.php?id=CVE-2005-1832
31 May 2005 — Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php. • http://marc.info/?l=bugtraq&m=111757191118050&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2005-1833 – MyBulletinBoard (MyBB) 1.00 RC4 - 'calendar.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1833
31 May 2005 — Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.... • https://www.exploit-db.com/exploits/1022 •